What do you think happened for it to work?
On 1/25/07, fwguru <fwguru AT gmail DOT com> wrote:
Never mind. I got it to work.
Thanks
On 1/25/07, fwguru <fwguru AT gmail DOT com> wrote:
>
> Fellow Gurus -
>
> Has anybody ever implemented a Websense UFP rule with Client Auth? I am
> wondering if the following setup will work:
>
> Group_of_Nets | ANY | http-Websense_UFP | Reject | Log | Note: Websense
> Block rule with URI Resource
> Group_of_Users | ANY | http | Client Auth | Log | Note: HTTP Allow rule
> with Client Auth
>
> Note: Websense is pulling its users from AD. The Client Auth is
> authenticating against a Radius server. By itself, the Client Auth rule
> works and has been working. The Websense is a new turnup. Without the
> Client Auth rule, Websense UFP works as expected. With the Client Auth rule
> enabled as above, all http traffic is rejected by the fw daemon on cleanup
> rule. In theory, this should work, or I may be missing something here.
>
> Background:
> NG FP3 on Solaris
> Websense on W2K3
> Managed by P-1 R55.
> Customer's local firewall sits between the Websense box and the CMA. We
> had to NAT the Websense box only to pull the dictionary from the CMA. The
> OPSEC object was then changed to point back to the un-Natted Websense
> object.
>
> I appreciate your time,
>
> Neil Delacruz
>
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
--
HBooGz:\>